Privacy policy

Last Updates: January 01, 2022

Introduction

Privacy is important to CSI and we know it is important to you too. This Privacy Notice describes what information we collect about you and how we will gather, share, use, and protect that information. As used in this Privacy Notice, terms such as “CSI,” “we,” and “our” refer to Cardiovascular Systems, Inc. “You,” “your,” “user,” and similar terms refer to you the individual interacting with CSI and this website, or any person on whose behalf you are interacting with CSI and this website, and any person or entity that has rights through you.

This Privacy Notice applies only to information collected on or through the websites owned and operated by CSI or through other interactions with CSI. This Privacy Notice does not apply to information collected by any third party, including through any link, content, or application that is accessible from or on our website.

By using CSI websites, you agree to the terms of the most recent version of this Privacy Notice. Please read our Terms of Use to understand the general rules about your use of this website. Except as written in any other disclaimers, policies, terms of use, or other notices on this website, this Privacy Statement and the Terms of Use are the complete agreement between you and CSI with respect to your use of this website. You may be subject to additional terms that may apply when you access specific services or materials on certain areas in this website, or when you follow a link from this website.

Collecting Your Information

In some places on CSI websites, you have the opportunity to send CSI personal information about yourself, to elect to receive particular information, or to participate in an activity. For example, you may fill out a registration form, a survey, or an e-mail form and you may elect to receive educational material about our products and therapies.

You also may choose to allow us to personalize your visits to the website, in which case we will ask you for certain personal information to make your visits to our website more helpful to you. When this information is combined with the information that we collect through cookies (described below), we will be able to tell that you have visited our website before and can personalize your access to our website, for example, by telling you about new features that may be of interest to you.

We also obtain personal information from the following categories of sources:

  • Directly from consumers’ interactions with us, including with our applications, websites, services, and representatives
  • Publicly available sources
  • During clinical trials, Customers, including health care providers and contract research organizations
  • Organizations with whom we partner to provide services
Categories of Information We Collect

The following is personal information we may use to specifically identify you, such as your:

  • Identifiers such as:
    • Name
    • Address
    • Unique personal identifier (e.g., device ID, online identifier)
    • Internet Protocol address
    • Email address
    • Account name
    • For U.S. healthcare providers, a National Provider Identifier# (NPI) and/or a state license number
    • Social security number
    • Driver’s license number, or
    • Other similar identifiers
  • Characteristics of protected classifications under state/federal law (e.g., age, race, sex, medical condition, etc.)
  • Medical information
  • Health insurance information
  • Financial information, including credit card numbers
  • Biometric information (e.g., imagery of the iris, retina, fingerprint, face, or other data that contain identifying information)
  • Commercial information (e.g., purchase history)
  • Internet or other electronic network activity information (e.g., browsing history, interaction with CSI website, etc.)
  • Geolocation data
  • Audio, electronic, visual, thermal, olfactory, or similar information (e.g., call recordings)
  • Professional, employment-related, or other similar information
Cookies and Similar Technology

We may also collect information through cookies, pixels, web beacons, and similar technologies (“cookies”). Cookies are used to collect information for business purposes, such as enabling essential website functions and improving the user experience. You are free to decline our cookies if your browser permits, but some parts of our website may not work properly for you if you do so.

CSI may use third-party tracking, advertising, and content providers to act on our behalf to track and analyze usage of our sites and to enable certain essential website functions, such as navigation. These companies protect that data in accordance with their privacy policies. These third parties may collect, and share with us, as we may request, website usage information about visits to our sites, measure and research the effectiveness of our advertisements, and track page usage and paths followed during visits through our sites. Also, these third-party providers may place our Internet banner advertisements on other sites that you visit, and track use of our Internet banner advertisements and other links from our marketing partners’ sites to our sites. To the extent the information collected on CSI’s behalf by these third parties contains any personally identifiable information, we will protect it in accordance with this Privacy Notice. Please refer to your browser Help instructions to learn more about managing cookies. And see below for an explanation how to opt out of our use of cookies.

Do Not Track

Some browsers have a “do not track” feature that lets you tell websites that you do not want to have your online activities tracked. Because there currently is not an industry or legal standard for recognizing or honoring do not track signals, we do not honor do not track requests at this time.

Children’s information

We care about protecting the online privacy of children. We will not intentionally collect personal information (such as a child’s name or e-mail address) from children under the age of 13. If you think that we have collected personal information from a child under the age of 13, please contact us via the contact information below.

Use of Your Information

We may keep and use personal information we collect from you through this website to provide you with access to this website. In addition, we may keep and use your personal information:

  • To respond to your requests
  • To personalize your access to our website, for example, by telling you about new features that may be of interest to you
  • To develop records, including records of your personal information
  • To contact you with information that might be of interest to you, including, to the extent permitted by law, information about clinical trials and educational and marketing communications about products and services of ours and of others
  • For analytical purposes and to research, develop and improve programs, products, services and content
  • For U.S. healthcare providers, to link your name, National Provider Identifier (NPI), state license number, and/or your IP address to web pages you visit, for compliance, marketing, and sales activities
  • To remove your personal identifiers (your name, e-mail address, social security number, etc.). In this case, you would no longer be identified as a single unique individual. Once we have de-identified information, it is non-personal data and we may treat it like other non-personal information.
  • To enforce this Privacy Notice and other rules about your use of this website
  • To protect someone’s health, safety or welfare
  • To protect our rights or property
  • To comply with a law or regulation, court order or other legal process
Retention

We will retain your Personal information for as long as needed or permitted in light of the purpose(s) for which it was obtained and as outlined in this Privacy Notice. The criteria used to determine our retention periods include: (i) the length of time we have an ongoing relationship with you and provide the Site to you; (ii) whether there is a legal obligation to which we are subject; or (iii) whether retention is advisable in light of our legal position (such as in regard to the enforcement of the Terms of Use, applicable statutes of limitations, litigation or regulatory investigations).

Sharing your Personal Information

CSI will not sell or lease your personal information to a third party, however there are certain circumstances where we may share your personal information. We will only share your Personal information as indicated in this Privacy Notice, with your permission, or as otherwise permitted by law.

  • We may share or transfer your Personal information if all or part of our business is sold, merged, dissolved, acquired, reorganized, or subject to a similar transaction.
  • We may share your Personal information with third parties if we use those third parties to perform services for our business or on our behalf. These third party services may include:
    • Processing your order
    • Managing your account
    • Receiving payment
    • Or, sending you and email message on our behalf
  • We may also use third parties to host or operate some of our websites or related computers and software applications
  • We may share your personal information with our CSI subsidiaries and affiliates
  • We may share your personal information to comply with court order or other legal process or requirements or to protect the safety for you, members of the public, other users of this website, or any other person, or to protect our rights or the rights of others
  • In addition, we may share or use your personal information for any other legally-permitted business purpose upon our sole discretion
  • Depending on the features of this website, we may use or share personal information to track your activities/progress on and through this website

Please note: In addition to the ways that we may keep, disclose, and use information described in this Privacy Notice, we also may keep, disclose, and use personal information in ways that we believe are consistent with FDA and other governmental guidance, directions, regulations, and laws, where applicable.

International Transfers of Your Personal Information

CSI operates in various countries throughout the world, including, but not limited to, the US, Canada, European Economic Area (hereafter ‘EEA’), Australia, UK, and Japan. Personal information may be stored, processed, transferred, and accessed from the United States and other countries which may not guarantee the same level of protection of Personal information as the one in which you reside. In such case, CSI will rely on mechanisms permitted under the laws of your country where you are located to affect the transfer with appropriate safeguards.

For all transfers of EEA personal information to countries outside the EEA, CSI will transfer personal information only to countries on the basis of an adequacy decision of the European Commission or, where no adequacy decision is available, on the basis of standard data protection clauses adopted by the European Commission or any other legal ground explicitly allowed by the GDPR.

Protecting your Information

We protect your information using safeguards that comply with applicable laws and regulations. This includes measures that are administrative, physical, and technical in nature. We use commercially reasonable measures to secure our websites and protect the information that may be shared over these sites or in the course of interacting with CSI. No internet transmission is 100% secure or error-free. In particular, e-mail sent to or from this site may not be secure, and you should therefore take special care in deciding what information you send to us via e-mail.

Accessing, Removing, or Correcting Your Personal Information

If you wish to access, remove, or correct any personally identifying data you have supplied to us, or if you have any questions about this Privacy Policy, you may reach us by mail, phone, or email using the information below within the Contact Us section. We will process all requests in accordance with applicable laws and regulations. Please understand that in order to protect your privacy and security, we may also need to take reasonable steps to verify your identity before granting access or making corrections.

How to Contact Us

If you have any questions or comments about this Privacy Notice or if you want to execute any of your rights regarding your Personal information, please contact us.

Cardiovascular Systems, Inc.

1225 Old Highway 8 NW

St. Paul, MN 55112

877-344-2714 (toll free)

compliance@CSI360.com

What About Privacy on Other Websites

Our CSI website may offer links to other sites. If you visit one of these sites, you may want to review the privacy Notice on that site. In addition, you may have visited our website through a link or a banner advertisement on another site. In such cases, the site you linked from may collect information from people who click on the banner or link. You may want to refer to the privacy policies on those sites to see how they collect and use this information.

What Happens If This Notice Changes

If we decide to make a significant change to this Privacy Notice, we will provide a notice on the web site for a period of time after the change is made. Significant changes will also be described for you. Any changes will be effective when we post the revised Privacy Statement. You can check at the top of this Privacy Statement when it was most recently updated.

Social Media and Third Party Platforms

Certain situations or functionalities on this website may permit you to choose to cross-post or share information on a third party social media site or platform such as Facebook, Instagram, LinkedIn, Twitter, Google+, or other similar sites (collectively, “Social Media Sites”). CSI does not own or control such Social Media Sites, and posting your information on Social Media Sites is subject to the third party’s privacy Notice and other legal terms, which may or may not provide privacy protections you agree with. CSI is not responsible for any act or omission of any Social Media Site, nor are we responsible for the consequences of choosing to share your information on Social Media Sites.

California Residents

This notice for California residents supplements the information contained in this Privacy Notice and applies solely to residents of the State of California. We adopt this Supplemental Notice to comply with the California Consumer Privacy Act of 2018 (CCPA) and any terms defined in the CCPA have the same meaning when used in this Supplemental Notice. Under the California Consumer Privacy Act (“CCPA”), you have certain rights in relation to some of your personal information, including the right to certain disclosures and explanations of rights. This section explains your rights under California law.

Categories of Personal information we may collect

CSI collects information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular California consumer or household (“personal information”). We may have collected the following categories of
personal information from consumers through our websites, apps, services, devices, or other services within the twelve (12) months preceding the effective date of this Privacy Notice:

  1. Identifiers such as
    • Name
    • Address
    • Unique personal identifier (e.g., device ID, online identifier)
    • Internet Protocol address
    • Email address
    • Telephone number
    • Account name
    • Social security number
    • Driver’s license number, or
    • Other similar identifiers
  2. Characteristics of protected classifications under California/federal law (e.g., age, race, sex, medical condition, etc.)
  3. Medical information
  4. Health insurance information
  5. Financial information, including credit card numbers
  6. Biometric information (e.g., imagery of the iris, retina, fingerprint, face, or other data that contain identifying information)
  7. Commercial information (e.g., purchase history)
  8. Internet or other electronic network activity information (e.g., browsing history, interaction with our website, etc.)
  9. Geolocation data
  10. Audio, electronic, visual, thermal, olfactory, or similar information (e.g., call recordings)
  11. Professional, employment-related, or other similar information

“Personal information” under the California Consumer Privacy Act does not include information that is

  • publicly available from government records,
  • de-identified or aggregated consumer information,
  • health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data, or
  • certain personal or financial information covered under certain sector-specific privacy laws.
Categories of Sources of Personal information

We obtain the categories of personal information listed above from the following categories of sources:

  • Directly from consumers’ interactions with us, including with our applications, websites, services, and representatives
  • Publicly available sources
  • During clinical trials, Customers, including health care providers and contract research organizations
  • Organizations with whom we partner to provide services
Use or Disclosure of Personal information

In the past 12 months, we have used or disclosed the personal information we collect for our operational purposes and for one or more of the following business purposes:

  • To respond to your requests
  • To personalize your access to our website, for example, by telling you about new features that may be of interest to you
  • To develop records, including records of your Personal information
  • To contact you with information that might be of interest to you, including, to the extent permitted by law, information about clinical trials and educational and marketing communications about products and services of ours and of others
  • For analytical purposes and to research, develop and improve programs, products, services and contentFor U.S. healthcare providers, to link your name, National Provider Identifier (NPI), state license number, and/or your IP address to web pages you visit, for compliance, marketing, and sales activities
  • To remove your personal identifiers (your name, e-mail address, social security number, etc.). In this case, you would no longer be identified as a single unique individual. Once we have de-identified information, it is non-personal information, and we may treat it like other non-personal information.
  • To enforce this Privacy Notice and other rules about your use of this website
  • To protect someone’s health, safety or welfare
  • To protect our rights or property
  • To comply with a law or regulation, court order or other legal process
How We Share Personal information

CSI will not share personal information with an unrelated third party without permission, except as described below. CSI may share personal information with any member of our corporate group, including parent companies, subsidiaries, and affiliates, and other companies in which we have an ownership or economic interest for purposes that are consistent with those identified in our Privacy Notice. CSI may share or transfer personal information as part of a transaction, such as a merger or acquisition, under which a third party acquires or full or partial ownership of a CSI affiliate, subsidiary, or business. In the ordinary course of business, we will share some personal information with companies, such as service providers, that we hire to perform services or functions on our behalf. Some companies performing services on our behalf may collect personal information for us. In all cases in which we share consumers’ personal information with a third party vendor, we require them to keep personal information confidential, and will only allow them to keep, disclose, or use consumers’ information to provide the services we asked them to provide. We may be required to release consumers’ personal information in response to a court order, subpoena, search warrant, law, or regulation. We may cooperate with law enforcement authorities in investigating and prosecuting users who violate our rules or engage in behavior which is harmful to other users or illegal. In addition, we may keep, disclose, and use consumers’ personal information in order to comply with U.S. FDA and other governmental guidance, directions, regulations, and laws.

Categories of Personal information We Sell

We do not sell personal information of California consumers.

This does not include disclosures that are not a “sale” under the CCPA, including when

  • Consumers instruct us to disclose their personal information,
  • A consumer instructs us to interact with a third party that does not sell that information,
  • We use or share consumers’ personal information pursuant to a written contract with a service provider that is necessary to perform a business purpose, where our contract prevents the provider from using, keeping, or disclosing consumers’ personal information for any purpose other than the reason supplied in the contract, or
  • Consumers’ personal information is transferred as part of a transaction in which the third party assumes control of all or part of our business.
Personal information on Minors

We do not sell personal information of California consumers, including minors.

Rights under California Law
  1. Right to Access. If you are a California consumer, you have the right to ask us to send you the following information up to two times in a twelve-month period.
    • The categories of personal information we have collected about you.
    • The categories of sources from which we collected the personal information.
    • Our business or commercial purpose for collecting personal information.
    • The categories of third parties with whom we share personal information.
    • What categories of personal information we disclose about you for business purposes.
    • What categories of personal information we sell or exchange for consideration about you.
    • The specific pieces of personal information we have collected about you.
  2. Right to Delete. If you are a California consumer, you have the right to ask us to delete the personal information about you we have collected. We may deny the request if the information is necessary to:
    • Complete a transaction, including providing a requested or reasonably anticipated good or service, or fulfill a contract between the consumer and CSI
    • Detect and protect against security incidents, malicious, deceptive, fraudulent, or illegal activity, or take against those responsible for such activity
    • Debug to identify and repair errors impairing intended functionality
    • Exercise free speech or another right provided for by law
    • Comply with the California Electronic Communications Privacy Act
    • Engage in research in the public interest adhering to applicable ethics and privacy laws where the consumer has provided informed consent
    • Enable solely internal uses reasonably aligned with the consumer’s expectations based on the consumer’s relationship with CSI
    • Comply with a legal obligation
    • Otherwise use the information internally in a lawful manner compatible with the context in which the consumer provided the information
  3. Right to Opt-out. If a business sells personal information to third parties, California consumers have the right, at any time, to opt out of the sale or disclosure of their personal information to third parties. CSI does not sell personal information to third parties.
Contact Us

If you are a California resident and you want to submit a request or inquiry to us regarding your California rights, you or your authorized agent can contact us at

Cardiovascular Systems, Inc.

1225 Old Highway 8 NW

St. Paul, MN 55112

877-344-2714 (toll free)

compliance@CSI360.com

You do not have to create an account with us to submit a request.

Your request will be confirmed within ten days of receipt and we will respond within 45 days. If we need more than 45 days, we will notify you that your request is being delayed.

We can only respond to your request if it is verifiable. This means we are obligated to take reasonable steps to verify your identity or your authorized agent’s authority and your right to access the information you request. In the process of verifying your request, we may contact you to ask for additional information that will help us do so, including government-issued IDs containing your name and address, utility bills containing that same information, and/or unique identifiers like usernames. We will only use that additional information in the verification process, and not for any other purpose. Once we have received and verified the requested information from you, we will contact you with our response to your request, including any data, if applicable. If we do not hear from you or are unable to verify your identity for the request, we will contact you to inform you that we cannot process your request because we cannot verify your identity.

We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

EU Residents

CSI provides this Supplemental Privacy Notice to individuals (“you”, “your”, “data subject”) in the European Union (EU). You have certain data privacy rights, as defined by the EU’s General Data Protection Regulation (GDPR). Your privacy rights relative to your relationship with CSI may vary depending on circumstances, as described below.

Your Rights

Under data protection laws, you may have rights as an individual in relation to the personal information we hold about you (with certain limitations and exceptions). These rights include:

  • The right to object to, on grounds relating to your particular situation, to CSI’s processing of personal information about you, unless CSI demonstrates compelling legitimate grounds for continuing such processing. You also have the right to object to automated decision- making, including profiling, used by CSI
  • The right to request that we restrict processing of your personal information held by CSI
  • The right to portability and access to the personal information that we process about you
  • The right to request the deletion of your personal information
  • The right to request the rectification of your personal information
  • You also have the right to lodge a complaint with a supervisory authority

If you wish to exercise any of your rights, as described above, please submit your request to CSI by using the information in the Contact Us section below.

Processing Your information

We may need to hold, process, and transfer your Personal information, but will do so solely for legitimate business purposes in accordance with applicable laws, regulations, and guidelines. We will only disclose your personal information on a need-to-know basis to those who are authorized to use it for these purposes.

We process the personal information listed above for purposes including:

  • User consent – This is where you have given us permission to process Personal information for a given purpose. You have the right to withdraw this consent at any time.
  • Legitimate business purposes – This is where we have a legitimate interest, as a business, to process Personal information. We take due care to balance our interests against your right to privacy.
  • Contractual necessity – This is where we have to process Personal information to meet our contractual obligations.
  • Legal obligation – This is where we have to process Personal information in order to comply with the law.
Contact Us

If you are an EU resident and you want to submit a request or inquiry to us regarding your EU rights, you or your authorized agent can contact us at

Cardiovascular Systems, Inc.

1225 Old Highway 8 NW

St. Paul, MN 55112

877-344-2714 (toll free)

compliance@CSI360.com